Virtual Private Cloud (VPC)

Introduction to Virtual Private Cloud.

With this new section we start on the last pillar of cloud computing, “Networking”. If you do not come from a networking background you will meet some new terms here; the introductory section of this course defines most of them, and you can always Google the rest.

So, let’s start with “Virtual Private Cloud”.

Introduction#

VPC is a largely invisible layer of cloud computing, but without it we could not use the cloud at all. A VPC is created on top of the physical network. It lets instances communicate with storage devices and with each other, and it is also what connects them to other networks such as the Internet.

In core networking terms, a VPC is a software-defined private network created logically on top of the physical network devices, in which you configure and manage resources using IP addresses, subnets and firewall rules.

Let’s understand it with an example.

Explanation with example#

Consider a city named X. The city has different neighbourhoods, and each neighbourhood has buildings or houses. No two houses have the same address, so when we want to communicate with a particular house we can reach it using its unique address.

So, the city is the VPC, the neighbourhoods are the subnetworks, and the houses are the instances or network devices, with their IP addresses as their unique addresses.

Figure: VPC analogy in Google Cloud Platform. VPC = City; Neighbourhood 1 = Subnet 1, Neighbourhood 2 = Subnet 2, Neighbourhood 3 = Subnet 3.

So, a VPC is a “global resource”: you cannot have a VPC that is specific to one region. Then come the subnetworks, which are regional resources.

Figure: VPC in Google Cloud. One VPC spans region us-west1 (zone us-west1-a) and region us-east1 (zones us-east1-a and us-east1-b) and contains three subnetworks: Subnetwork 1: 10.240.0.0/24, Subnetwork 2: 192.168.1.0/24, Subnetwork 3: 10.2.0.0/16. VPC Routing connects the instances (addresses 10.240.0.2, 10.240.0.3, 198.168.1.2, 10.2.0.2 and 10.2.0.3) with each other and with the Internet.

In the image above you can see one VPC containing three subnets.

The VPC routing table maintains the routes needed to reach each instance. Each instance has an IP address that is unique within its subnet.

You can have the same IP address in different VPCs, because a VPC is like a container for its subnetworks. Google Cloud has two types of VPC: “Auto mode” and “Custom mode”.

In GCP, instances can communicate across subnets of the same VPC using their internal IP addresses, without an external (public) IP address.
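As an added example (not code from this course), the following Python model shows what the routing picture above means in practice: a VPC is a container of regional subnets, a lookup of an instance address against the subnet routes tells you where it lives, and a second VPC may reuse the same range. The subnet ranges are the ones from the figure; the VPC names and instance addresses are constructed for the example.

```python
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Optional


class Vpc:
    """A VPC is a global container of regional subnets: name -> (region, CIDR)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.subnets: dict[str, tuple[str, IPv4Network]] = {}

    def add_subnet(self, name: str, region: str, cidr: str) -> None:
        net = ip_network(cidr, strict=True)  # strict: host bits must be zero
        # Subnet primary ranges inside one VPC must not overlap each other.
        for other_name, (_, other) in self.subnets.items():
            if net.overlaps(other):
                raise ValueError(f"{cidr} overlaps {other_name} ({other})")
        self.subnets[name] = (region, net)

    def route(self, ip: str) -> Optional[str]:
        """Longest-prefix match over the subnet routes, like the VPC routing table.
        Returns the subnet name, or None when no subnet route covers the address."""
        addr = ip_address(ip)
        best: Optional[tuple[str, IPv4Network]] = None
        for name, (_, net) in self.subnets.items():
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
        return best[0] if best else None

    def same_vpc(self, src: str, dst: str) -> bool:
        """Two instances can talk over internal IPs when both addresses fall inside
        this VPC's subnets, even if those subnets sit in different regions."""
        return self.route(src) is not None and self.route(dst) is not None


def build_demo() -> tuple[Vpc, Vpc]:
    # Constructed example: ranges from the figure, VPC names invented here.
    prod = Vpc("prod")
    prod.add_subnet("subnetwork-1", "us-west1", "10.240.0.0/24")
    prod.add_subnet("subnetwork-2", "us-east1", "192.168.1.0/24")
    prod.add_subnet("subnetwork-3", "us-east1", "10.2.0.0/16")
    # A second VPC may reuse the very same range: each VPC is its own container.
    staging = Vpc("staging")
    staging.add_subnet("subnetwork-1", "us-west1", "10.240.0.0/24")
    return prod, staging
```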

Let’s look at the two types of VPC in GCP.

  • Open Main Menu > Networking > VPC Networks

  • Click on “Create a VPC Network”.

You will see the “Subnet creation mode” option in the form.

Types of VPCs#

Google Cloud offers two types of VPC networks, determined by their subnet creation mode.

Auto mode#

When an auto mode VPC network is selected, one subnet is automatically created in each region.

Auto mode VPC

These automatically created subnets use a set of predefined IP ranges that fit within the 10.128.0.0/9 CIDR block.

As new Google Cloud regions become available, new subnets in those regions are automatically added to auto mode VPC networks using an IP range from that block. In addition to the automatically created subnets, you can add subnets manually to an auto mode VPC network in regions of your choice, using IP ranges outside 10.128.0.0/9.

You can also apply any of the default firewall rules now, or create new ones later.

Dynamic routing mode defines how Cloud Routers learn routes. It is not required for this course; Cloud Router is covered in the Cloud Architect course. For now, keep the default.

Custom mode#

Now, select “Custom” for subnet creation mode.

When a custom mode VPC network is selected, no subnets are created automatically. This type of network gives you complete control over its subnets and IP ranges.

You decide which subnets to create, in which regions, and with which IP ranges. In this case you need to plan the subnet masks and address ranges of every subnet yourself.

You can also enable VPC Flow Logs to monitor network traffic for each subnet you create, and enable “Private Google Access” so that VMs in the subnet can reach other Google services without having a public IP address.

VPC Flow Logs are very important for spotting malicious activity in the network and for audit purposes.

Keep in mind that you need a VPC and at least one subnet under it before you can use Google Cloud instances or services.
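Custom mode puts the subnet planning on you, so here is an added Python helper (not part of the course) that checks a planned set of subnets the way you would before filling in the form: ranges must be valid CIDRs with the host bits zeroed, RFC 1918 private, non-overlapping, and, if you are adding them to an auto mode network, outside 10.128.0.0/9. It also renders the matching gcloud command with flow logs and Private Google Access switched on. The subnet names and ranges in the test are constructed; the four reserved addresses per range are documented Google Cloud behaviour rather than something this page states.

```python
from ipaddress import ip_network, IPv4Network

# Block reserved for auto mode subnets (from the page); manual subnets on an auto mode
# network must stay outside it. PRIVATE_BLOCKS are the RFC 1918 ranges.
AUTO_MODE_BLOCK = ip_network("10.128.0.0/9")
PRIVATE_BLOCKS = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_subnet_plan(plan: dict[str, str], auto_mode_network: bool = False) -> list[str]:
    """Validate a planned set of subnets {name: cidr}. Returns problems; empty means OK."""
    problems: list[str] = []
    parsed: dict[str, IPv4Network] = {}
    for name, cidr in plan.items():
        try:
            net = ip_network(cidr, strict=True)  # strict: host bits must be zero
        except ValueError as err:
            problems.append(f"{name}: bad CIDR {cidr!r} ({err})")
            continue
        if net.version != 4 or not any(net.subnet_of(b) for b in PRIVATE_BLOCKS):
            problems.append(f"{name}: {cidr} is not an RFC 1918 IPv4 range")
            continue
        if auto_mode_network and net.overlaps(AUTO_MODE_BLOCK):
            problems.append(f"{name}: {cidr} collides with the auto mode block {AUTO_MODE_BLOCK}")
        for other_name, other in parsed.items():
            if net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name} ({other})")
        parsed[name] = net
    return problems


def usable_hosts(cidr: str) -> int:
    """Instance addresses left in a subnet's primary range. Google Cloud reserves four
    addresses per range (network, gateway, second-to-last, broadcast); documented GCP
    behaviour, not stated on this page."""
    return ip_network(cidr, strict=True).num_addresses - 4


def subnet_create_command(name: str, network: str, region: str, cidr: str,
                          flow_logs: bool = True, private_google_access: bool = True) -> str:
    """Render the gcloud command for the form fields discussed above; flow logs and
    Private Google Access default to on, which is what a defender wants."""
    cmd = [f"gcloud compute networks subnets create {name}", f"--network={network}",
           f"--region={region}", f"--range={cidr}"]
    if flow_logs:
        cmd.append("--enable-flow-logs")
    if private_google_access:
        cmd.append("--enable-private-ip-google-access")
    return " ".join(cmd)
```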

Custom mode VPC

If you are not a networking expert and don’t know how to manage the IPs in each subnetwork, then auto mode is suitable for you: all the IPs are mapped to the default network. But if you want more control over IPs, subnetworks and VPCs, you should consider using custom mode.
